Skip to Content
Security & privacy

218 million ‘Words with Friends’ accounts exposed

In an ever-changing cyber landscape of distracting games, “Words with Friends” has endured. Because of its popularity and huge user base, it was only a matter of time before hackers targeted the game.

That time has come and criminals have exposed the data of hundreds of millions of players. It’s the latest major data breach in less than a week.

We have the information on exactly what player data was exposed and how many people were affected. We’ll also tell you how the company that owns “Words with Friends” is handling the hack.

Words with hackers

A hacker is claiming credit for stealing information on more than 218 million “Words With Friends” players. The game’s parent company, Zynga Inc., has confirmed the breach but has not commented on how many people were affected.

If you’re impacted by the hack, here’s the data reportedly stolen:

  • Names
  • Email addresses
  • Login IDs
  • Hashed and salted passwords (encrypted)
  • Phone numbers, where provided
  • Password reset tokens, if one had ever been requested
  • Facebook IDs, if connected to the social media platform
  • Zynga account IDs

Android and iOS users who installed and signed up to play “Words with Friends” before Sept. 3, 2019 may be affected by the breach. Data from some users of another Zynga product, “Draw Something Classic,” was also caught up in the breach.


Related: Customers’ personal data stolen in breach of major wireless carrier


Zynga immediately launched an investigation after discovering the data breach, the company said in a statement. It brought in third-party forensic firms and contacted law enforcement. Zynga added it does not believe any financial information was stolen.

The company in question owns several other popular games such as “FarmVille,” “Mafia Wars” and “Zynga Poker.”

Protecting hacked accounts

Zynga is providing very few details about the breach but says it’s automatically locking down affected accounts. The company is also in the process of notifying impacted users.

If you play “Words with Friends” you should, at the very least, reset your password. You should also follow our tips for protecting yourself after a hack:

  • Beware of phishing scams – Scammers piggyback on large breaches and create phishing emails pretending to be the affected company. Phishers hope victims click on malicious links, which can lead to more problems.
  • Keep an eye on your bank accounts – Frequently check your bank accounts for suspicious activity. If you see anything strange, report it immediately.
  • Check your online accounts – Have I Been Pwned is an easy to use website that monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
  • Get a credit freeze – If you think your identity has already been compromised, put a credit freeze on your accounts as soon as you can.
  • Have strong security software – This is the best defense against digital threats.
  • Use different passwords – It’s always a bad idea to use the same password for a variety of websites. If one site is breached, it puts your accounts on other sites at a greater risk.

Hacks and data leaks will not stop and they certainly won’t be going away. will continue to provide you with information on the latest incidents. Tap or click here to sign up for Kim’s Fraud & Security Alerts newsletter, and be the first to learn about product recalls, data breaches and breaking tech news.

Stop robocalls once and for all

Robocalls are not only annoying, but they scam Americans out of millions every year. Learn Kim's tricks for stopping them for good in this handy guide.

Get the eBook